List of usage examples for org.apache.hadoop.security UserGroupInformation createUserForTesting
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void testOtherUserACLChecks() throws IOException { String[] groups1 = new String[] { "grp1", "grp2" }; String[] groups2 = new String[] { "grp3", "grp4" }; String[] groups3 = new String[] { "grp5", "grp6" }; UserGroupInformation currentUser = UserGroupInformation.createUserForTesting("currentUser", noGroups); UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", groups1); // belongs to grp1 and grp2 UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", groups2); // belongs to grp3 and grp4 UserGroupInformation user3 = UserGroupInformation.createUserForTesting("user3", noGroups); UserGroupInformation user4 = UserGroupInformation.createUserForTesting("user4", noGroups); UserGroupInformation user5 = UserGroupInformation.createUserForTesting("user5", groups3); // belongs to grp5 and grp6 UserGroupInformation user6 = UserGroupInformation.createUserForTesting("user6", noGroups); Configuration conf = new Configuration(false); // View ACLs: user1, user4, grp3, grp4. String viewACLs = user1.getShortUserName() + "," + user4.getShortUserName() + " " + "grp3,grp4 "; // Modify ACLs: user3, grp6, grp7 String modifyACLs = user3.getShortUserName() + " " + "grp6,grp7"; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); ACLManager aclManager = new ACLManager(currentUser.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAccess(currentUser, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(user1, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(user2, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user3, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(user4, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user5, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user6, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(currentUser, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user1, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user2, ACLType.AM_MODIFY_ACL)); Assert.assertTrue(aclManager.checkAccess(user3, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user4, ACLType.AM_MODIFY_ACL)); Assert.assertTrue(aclManager.checkAccess(user5, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user6, ACLType.AM_MODIFY_ACL)); }
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void testNoGroupsACLChecks() throws IOException { String[] groups1 = new String[] { "grp1", "grp2" }; String[] groups2 = new String[] { "grp3", "grp4" }; String[] groups3 = new String[] { "grp5", "grp6" }; UserGroupInformation currentUser = UserGroupInformation.createUserForTesting("currentUser", noGroups); UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", groups1); // belongs to grp1 and grp2 UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", groups2); // belongs to grp3 and grp4 UserGroupInformation user3 = UserGroupInformation.createUserForTesting("user3", noGroups); UserGroupInformation user4 = UserGroupInformation.createUserForTesting("user4", noGroups); UserGroupInformation user5 = UserGroupInformation.createUserForTesting("user5", groups3); // belongs to grp5 and grp6 UserGroupInformation user6 = UserGroupInformation.createUserForTesting("user6", noGroups); Configuration conf = new Configuration(false); // View ACLs: user1, user4 String viewACLs = user1.getShortUserName() + "," + user4.getShortUserName() + " "; // Modify ACLs: user3 String modifyACLs = user3.getShortUserName() + " "; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); ACLManager aclManager = new ACLManager(currentUser.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAccess(currentUser, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(user1, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user2, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user3, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(user4, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user5, ACLType.AM_VIEW_ACL)); Assert.assertFalse(aclManager.checkAccess(user6, ACLType.AM_VIEW_ACL)); Assert.assertTrue(aclManager.checkAccess(currentUser, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user1, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user2, ACLType.AM_MODIFY_ACL)); Assert.assertTrue(aclManager.checkAccess(user3, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user4, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user5, ACLType.AM_MODIFY_ACL)); Assert.assertFalse(aclManager.checkAccess(user6, ACLType.AM_MODIFY_ACL)); }
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void checkAMACLs() throws IOException { String[] groups1 = new String[] { "grp1", "grp2" }; String[] groups2 = new String[] { "grp3", "grp4" }; String[] groups3 = new String[] { "grp5", "grp6" }; UserGroupInformation currentUser = UserGroupInformation.createUserForTesting("currentUser", noGroups); UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", groups1); // belongs to grp1 and grp2 UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", groups2); // belongs to grp3 and grp4 UserGroupInformation user3 = UserGroupInformation.createUserForTesting("user3", noGroups); UserGroupInformation user4 = UserGroupInformation.createUserForTesting("user4", noGroups); UserGroupInformation user5 = UserGroupInformation.createUserForTesting("user5", groups3); // belongs to grp5 and grp6 UserGroupInformation user6 = UserGroupInformation.createUserForTesting("user6", noGroups); Configuration conf = new Configuration(false); // View ACLs: user1, user4, grp3, grp4. String viewACLs = "user1,user4,, grp3,grp4 "; // Modify ACLs: user3, grp6, grp7 String modifyACLs = "user3 grp6,grp7"; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); ACLManager aclManager = new ACLManager(currentUser.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAMViewAccess(currentUser)); Assert.assertTrue(aclManager.checkAMViewAccess(user1)); Assert.assertTrue(aclManager.checkAMViewAccess(user2)); Assert.assertFalse(aclManager.checkAMViewAccess(user3)); Assert.assertTrue(aclManager.checkAMViewAccess(user4)); Assert.assertFalse(aclManager.checkAMViewAccess(user5)); Assert.assertFalse(aclManager.checkAMViewAccess(user6)); Assert.assertTrue(aclManager.checkAMModifyAccess(currentUser)); Assert.assertFalse(aclManager.checkAMModifyAccess(user1)); Assert.assertFalse(aclManager.checkAMModifyAccess(user2)); Assert.assertTrue(aclManager.checkAMModifyAccess(user3)); Assert.assertFalse(aclManager.checkAMModifyAccess(user4)); Assert.assertTrue(aclManager.checkAMModifyAccess(user5)); Assert.assertFalse(aclManager.checkAMModifyAccess(user6)); Assert.assertTrue(aclManager.checkDAGViewAccess(currentUser)); Assert.assertTrue(aclManager.checkDAGViewAccess(user1)); Assert.assertTrue(aclManager.checkDAGViewAccess(user2)); Assert.assertFalse(aclManager.checkDAGViewAccess(user3)); Assert.assertTrue(aclManager.checkDAGViewAccess(user4)); Assert.assertFalse(aclManager.checkDAGViewAccess(user5)); Assert.assertFalse(aclManager.checkDAGViewAccess(user6)); Assert.assertTrue(aclManager.checkDAGModifyAccess(currentUser)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user1)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user2)); Assert.assertTrue(aclManager.checkDAGModifyAccess(user3)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user4)); Assert.assertTrue(aclManager.checkDAGModifyAccess(user5)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user6)); }
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void checkDAGACLs() throws IOException { String[] groups1 = new String[] { "grp1", "grp2" }; String[] groups2 = new String[] { "grp3", "grp4" }; String[] groups3 = new String[] { "grp5", "grp6" }; UserGroupInformation currentUser = UserGroupInformation.createUserForTesting("currentUser", noGroups); UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", groups1); // belongs to grp1 and grp2 UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", groups2); // belongs to grp3 and grp4 UserGroupInformation user3 = UserGroupInformation.createUserForTesting("user3", noGroups); UserGroupInformation user4 = UserGroupInformation.createUserForTesting("user4", noGroups); UserGroupInformation user5 = UserGroupInformation.createUserForTesting("user5", groups3); // belongs to grp5 and grp6 UserGroupInformation user6 = UserGroupInformation.createUserForTesting("user6", noGroups); Configuration conf = new Configuration(false); // View ACLs: user1, user4, grp3, grp4. String viewACLs = "user1,user4,, grp3,grp4 "; // Modify ACLs: user3, grp6, grp7 String modifyACLs = "user3 grp6,grp7"; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); // DAG View ACLs: user1, user4, grp3, grp4. String dagViewACLs = "user6, grp5 "; // DAG Modify ACLs: user3, grp6, grp7 String dagModifyACLs = "user6,user5 "; conf.set(TezConstants.TEZ_DAG_VIEW_ACLS, dagViewACLs); conf.set(TezConstants.TEZ_DAG_MODIFY_ACLS, dagModifyACLs); UserGroupInformation dagUser = UserGroupInformation.createUserForTesting("dagUser", noGroups); ACLManager amAclManager = new ACLManager(currentUser.getShortUserName(), conf); ACLManager aclManager = new ACLManager(amAclManager, dagUser.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAMViewAccess(currentUser)); Assert.assertFalse(aclManager.checkAMViewAccess(dagUser)); Assert.assertTrue(aclManager.checkAMViewAccess(user1)); Assert.assertTrue(aclManager.checkAMViewAccess(user2)); Assert.assertFalse(aclManager.checkAMViewAccess(user3)); Assert.assertTrue(aclManager.checkAMViewAccess(user4)); Assert.assertFalse(aclManager.checkAMViewAccess(user5)); Assert.assertFalse(aclManager.checkAMViewAccess(user6)); Assert.assertTrue(aclManager.checkAMModifyAccess(currentUser)); Assert.assertFalse(aclManager.checkAMModifyAccess(dagUser)); Assert.assertFalse(aclManager.checkAMModifyAccess(user1)); Assert.assertFalse(aclManager.checkAMModifyAccess(user2)); Assert.assertTrue(aclManager.checkAMModifyAccess(user3)); Assert.assertFalse(aclManager.checkAMModifyAccess(user4)); Assert.assertTrue(aclManager.checkAMModifyAccess(user5)); Assert.assertFalse(aclManager.checkAMModifyAccess(user6)); Assert.assertTrue(aclManager.checkDAGViewAccess(currentUser)); Assert.assertTrue(aclManager.checkDAGViewAccess(dagUser)); Assert.assertTrue(aclManager.checkDAGViewAccess(user1)); Assert.assertTrue(aclManager.checkDAGViewAccess(user2)); Assert.assertFalse(aclManager.checkDAGViewAccess(user3)); Assert.assertTrue(aclManager.checkDAGViewAccess(user4)); Assert.assertTrue(aclManager.checkDAGViewAccess(user5)); Assert.assertTrue(aclManager.checkDAGViewAccess(user6)); Assert.assertTrue(aclManager.checkDAGModifyAccess(currentUser)); Assert.assertTrue(aclManager.checkDAGModifyAccess(dagUser)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user1)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user2)); Assert.assertTrue(aclManager.checkDAGModifyAccess(user3)); Assert.assertFalse(aclManager.checkDAGModifyAccess(user4)); Assert.assertTrue(aclManager.checkDAGModifyAccess(user5)); Assert.assertTrue(aclManager.checkDAGModifyAccess(user6)); }
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void testWildCardCheck() { Configuration conf = new Configuration(false); String viewACLs = " * "; String modifyACLs = " * "; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); UserGroupInformation a1 = UserGroupInformation.createUserForTesting("a1", noGroups); UserGroupInformation u1 = UserGroupInformation.createUserForTesting("u1", noGroups); ACLManager aclManager = new ACLManager(a1.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAMViewAccess(a1)); Assert.assertTrue(aclManager.checkAMViewAccess(u1)); Assert.assertTrue(aclManager.checkAMModifyAccess(a1)); Assert.assertTrue(aclManager.checkAMModifyAccess(u1)); Assert.assertTrue(aclManager.checkDAGViewAccess(a1)); Assert.assertTrue(aclManager.checkDAGViewAccess(u1)); Assert.assertTrue(aclManager.checkDAGModifyAccess(a1)); Assert.assertTrue(aclManager.checkDAGModifyAccess(u1)); }
From source file:org.apache.tez.common.security.TestACLManager.java
License:Apache License
@Test(timeout = 5000) public void testACLsDisabled() { Configuration conf = new Configuration(false); conf.setBoolean(TezConfiguration.TEZ_AM_ACLS_ENABLED, false); String viewACLs = "a2,u2 "; String modifyACLs = "a2,u2 "; conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, viewACLs); conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, modifyACLs); UserGroupInformation a1 = UserGroupInformation.createUserForTesting("a1", noGroups); UserGroupInformation u1 = UserGroupInformation.createUserForTesting("u1", noGroups); ACLManager aclManager = new ACLManager(a1.getShortUserName(), conf); Assert.assertTrue(aclManager.checkAMViewAccess(a1)); Assert.assertTrue(aclManager.checkAMViewAccess(u1)); Assert.assertTrue(aclManager.checkAMModifyAccess(a1)); Assert.assertTrue(aclManager.checkAMModifyAccess(u1)); Assert.assertTrue(aclManager.checkDAGViewAccess(a1)); Assert.assertTrue(aclManager.checkDAGViewAccess(u1)); Assert.assertTrue(aclManager.checkDAGModifyAccess(a1)); Assert.assertTrue(aclManager.checkDAGModifyAccess(u1)); ACLManager dagAclManager = new ACLManager(aclManager, "dagUser", null); Assert.assertTrue(dagAclManager.checkAMViewAccess(a1)); Assert.assertTrue(dagAclManager.checkAMViewAccess(u1)); Assert.assertTrue(dagAclManager.checkAMModifyAccess(a1)); Assert.assertTrue(dagAclManager.checkAMModifyAccess(u1)); Assert.assertTrue(dagAclManager.checkDAGViewAccess(a1)); Assert.assertTrue(dagAclManager.checkDAGViewAccess(u1)); Assert.assertTrue(dagAclManager.checkDAGModifyAccess(a1)); Assert.assertTrue(dagAclManager.checkDAGModifyAccess(u1)); }
From source file:org.trustedanalytics.auth.gateway.hdfs.integration.config.LocalConfiguration.java
License:Apache License
@Bean @Qualifier(Qualifiers.CONFIGURATION)/*ww w . ja v a 2 s. c o m*/ public org.apache.hadoop.conf.Configuration initializeHdfsCluster() throws IOException, InterruptedException, URISyntaxException { File baseDir = new File("./target/hdfs/" + "testName").getAbsoluteFile(); FileUtil.fullyDelete(baseDir); org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration(false); conf.set(MiniDFSCluster.HDFS_MINIDFS_BASEDIR, baseDir.getAbsolutePath()); conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true); conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true); MiniDFSCluster.Builder builder = new MiniDFSCluster.Builder(conf); MiniDFSCluster cluster = builder.build(); UserGroupInformation.createUserForTesting("cf", new String[] { "cf" }); UserGroupInformation.createUserForTesting("super", new String[] { "supergroup" }); return cluster.getConfiguration(0); }
From source file:probos.TestStaticMethods.java
License:Open Source License
@Test public void testPolicy() throws Exception { Configuration c = new Configuration(); ServiceAuthorizationManager sam = new ServiceAuthorizationManager(); System.setProperty("hadoop.policy.file", "probos-policy.xml"); sam.refreshWithLoadedConfiguration(c, new ControllerPolicyProvider()); AccessControlList acl = sam.getProtocolsAcls(PBSClient.class); assertNotNull(acl);//from w w w . j a va 2s . c om assertEquals("*", acl.getAclString()); assertTrue(acl .isUserAllowed(UserGroupInformation.createUserForTesting("testUser", new String[] { "mygroup" }))); sam.authorize(UserGroupInformation.getCurrentUser(), PBSClient.class, c, InetAddress.getLocalHost()); }